1. Field of the Invention
The present invention relates to a computer system, and more particularly to a method of maintaining security of a BIOS included in a BIOS ROM of a computer system.
2. Description of the Related Art
A BIOS (Basic Input Output System) of a computer system plays an important role in confirming initialization and error of the computer system by a POST (Power On Self Test) using a CMOS (Complementary Metal Oxide Semiconductor) Setup value, and performing a Run-time function after operating an OS (Operating System) of the computer system.
FIG. 3 illustrates a conventional structure of security maintenance of a BIOS ROM (Read Only Memory) implemented in hardware in a computer system. A north bridge chip 20 to control video and memory, and a south bridge chip 30 to control various peripheral devices in the computer system are both connected to a CPU 10 via a bus structure. In the conventional system, a BIOS ROM 50 on which the BIOS is stored includes a rewritable Flash-ROM and is connected to the south bridge chip 30 via a LPC (Low Pin Count) bus. An SIO (Super Input/Output) chip 40, which is an input/output device of a Legacy Port, an FDD or the like, is connected to the south bridge chip 30 via the LPC bus.
To prevent writing to the BIOS ROM 50, one of the GPIO (General Purpose Input/Output) pins of a chipset having a GPIO function can be set up as a BIOS writing protection (BIOSWP#) pin. In FIG. 3, a GPIO pin 41 provided in the SIO chip 40 is set up as the BIOSWP#. A CS (chip select) signal for selecting an input part 51 of a flash region of the BIOS ROM 50 is outputted therefrom. According to high/low signal outputted from the BIOSWP# pin, writing operation in the flash region of the BIOS ROM 50 is enabled or disabled. The writing operation of the BIOS ROM 50 may be performed by setting up one of the GPIO pins provided in the south bridge chip 30 as the BIOSWP# pin.
Thus, if the BIOSWP# pin is set up as enabled with the POST being performed by the BIOS, elimination or writing to the flash region of the BIOS ROM can be prevented. Also, in a case of recording an ESCD (Extended System Configuration Data) region of the BIOS ROM, or in a case of updating the BIOS, the BIOSWP# pin is set up as disabled by using a PNP NVRAM (Plug and Play Non-volatile Random Access Memory) manager, to thereby enable writing to the flash region of the BIOS ROM.
However, in a case that location of the BIOSWP# pin on the SIO chip or the south bridge chip is disclosed, or in a case that a memory-mapped IO address assigned as an IO (Input/Output) trap region and a control method such as a GPIO pin set-up method are disclosed, there is a security problem that a function of the BIOSWP# pin is optionally set up as disabled and thus content of the BIOS ROM is changed or removed. Therefore, in a case that the BIOS is changed by a virulent virus owing to carelessness in security for the BIOS in the computer system, fatal damage to the computer system can occur, for example booting of the computer system may be disabled or the function thereof is not performed. In fact, there have been instances where a user's system was badly damaged by a CIH (Chernobyl) virus that removed the content of the BIOS ROM.